I have a small network that has only one subnet. 192.168.3.0/27. My problem is that my users internet is somewhat slow and it will not allow any downloading of files to occur. Even if I allow the remark out the address in Dansguardian/exceptioniplist file is still will not allow unlimited downloading of any type such via ftp,http and etc. So this is where I suspect that it is SQUID.Here is the current configuration from squid.conf:
PHP Code:
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_dir ufs /var/spool/squid 100 16 256
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.3.0/27
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Only allow cachemgr access from localhost
http_access allow lan
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all
http_reply_access allow all
#Allow ICP queries from everyone
icp_access allow all
visible_hostname Mindyourbizz
coredump_dir /var/spool/squid
This is what happen when I try and download xinetd from the centos website. This is snippet from my /var/log/squid/access.log
PHP Code:
[[B^[[B1205866146.625 461 127.0.0.1 TCP_CLIENT_REFRESH_MISS/200 127022 GET http://sunsite.utk.edu/ftp/pub/linux/CentOS/5.1/os/i386/CentOS/xinetd-2.3.14-10.el5.i386.rpm - DIRECT/160.36.178.159 audio/x-pn-realaudio-plugin
I am able to download certain format but not others. I have checked my /etc/danguardian/bannedextentionlist and others and everything is ok so what could it be?
Can anyone give me any feedback? thanks